b'Audit Report, \xe2\x80\x9cReview of the Information Technology Security of [a NASA Computer\nNetwork]\xe2\x80\x9d (IG-10-013, May 13, 2010); addendum issued July 1, 2010\n\nWe evaluated the processes for continuously monitoring selected information technology (IT)\nsecurity controls on a NASA mission computer network. Specifically, we assessed whether\nprocesses were in place to implement software patches and to identify and remediate technical\nvulnerabilities. We found that NASA did not adequately protect the network from potential\nsecurity breaches and did not always ensure that key IT security controls were monitored.\n\nWe recommended that the NASA Chief Information Officer designate a NASA Directorate or\nCenter to immediately establish an oversight process for the network to include monitoring of\nsystems connected to the network for the presence of critical patches and technical\nvulnerabilities and review all other Agency mission network IT security programs to determine\nwhether each contains an effective oversight process.\n\nThe Office of the Chief Information Officer (OCIO) partially concurred with both report\nrecommendations; however, management\xe2\x80\x99s planned actions were not fully responsive to the\nintent of our recommendations. Additional comments received in June 2010 stated that NASA\nplans to complete the following actions:\n\n   \xe2\x80\xa2   issue a memorandum to Mission Directorates, Centers, and system owners describing\n       processes and procedures for vulnerability scanning and remediation;\n\n   \xe2\x80\xa2   establish an integrated Agency oversight process to coordinate existing activities and\n       formalize channels of communication; and\n\n   \xe2\x80\xa2   implement a centralized data repository to support Agency oversight of mission computer\n       networks.\n\nThe additional comments are responsive, and the recommendations are resolved.\n\nThe report contains NASA Information Technology/Internal Systems Data that is not routinely\nreleased under the Freedom of Information Act (FOIA). To submit a FOIA request, see the\nonline guide.\n\x0c'